Skip to content

5.12 Compliance and Audit

5.12.1 Compliance Reporting

Regulation Requirement ISE/DNAC Feature Report
PCI-DSS 7.1 Access control Authorization policies ISE Auth Report
PCI-DSS 8.1 User identification 802.1X authentication ISE Auth Report
PCI-DSS 10.1 Audit trails RADIUS accounting ISE Accounting
SOC2 CC6.1 Logical access SGT-based segmentation DNAC Policy Report
GDPR Art.32 Access logging RADIUS live logs ISE Audit Report
HIPAA Access control Role-based policies ISE Auth Report

5.12.2 Audit Log Configuration

! Enable comprehensive logging on network devices

archive
 log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys

logging buffered 65536 informational
logging host 10.252.1.30 transport udp port 514

! AAA accounting
aaa accounting dot1x default start-stop group RADIUS-GROUP
aaa accounting exec default start-stop group TACACS-GROUP
aaa accounting commands 15 default start-stop group TACACS-GROUP
aaa accounting network default start-stop group RADIUS-GROUP

5.12.3 ISE Audit Reports

# Administration > System > Logging > Remote Logging Targets

Audit_Logging:
  SIEM_Integration:
    Target: siem.corp.local
    Port: 6514
    Protocol: TLS-Syslog
    Format: RFC 5424
    Events:
      - Administrative Changes
      - Policy Changes
      - Authentication Events
      - Authorization Changes

Scheduled_Audit_Reports:
  # Operations > Reports > Report Scheduler

  Weekly_Admin_Audit:
    Report: Device Administration Audit
    Schedule: Weekly (Monday 08:00)
    Recipients: security-audit@corp.local

  Monthly_Policy_Changes:
    Report: Policy Change Audit
    Schedule: Monthly (1st, 08:00)
    Recipients: compliance@corp.local

  Quarterly_Access_Review:
    Report: Authentication Summary
    Schedule: Quarterly
    Recipients: audit@corp.local

5.12.4 Compliance Evidence Collection

# Quarterly Compliance Evidence Package

Evidence_Package:
  Network_Segmentation:
    - DNAC Virtual Network configuration export
    - SGACL policy matrix export
    - Firewall rule export
    - Traffic flow samples showing enforcement

  Access_Control:
    - ISE authorization policy export
    - User authentication success rates
    - Failed authentication analysis
    - Service account review

  Audit_Trails:
    - RADIUS accounting logs (sample)
    - TACACS+ admin logs (sample)
    - Configuration change logs
    - Policy change audit trail

  Encryption:
    - MACsec configuration evidence
    - TLS certificate inventory
    - RADIUS encryption settings

  Change_Management:
    - Change tickets for period
    - CAB meeting minutes
    - Emergency change documentation